Hi. I am being blocked from the internet using IE about half the time. I get a lot of popups, which wasn't a problem before, and I'm getting occasional redirects. AVAST is chiming in that it blocked a threat every couple minutes; that began happening yesterday, along with the internet blocking.

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-12-21 08:51:01
-----------------------------
08:51:01.026 OS Version: Windows x64 6.2.9200
08:51:01.026 Number of processors: 4 586 0x3C03
08:51:01.026 ComputerName: PURPLE UserName: l
08:51:52.446 Initialize success
08:51:52.446 VM: initialized successfully
08:51:52.446 VM: Intel CPU BiosDisabled
08:51:55.244 VM: disk I/O iaStorA.sys
08:51:59.198 AVAST engine defs: 14122100
08:52:00.151 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000036
08:52:00.151 Disk 0 Vendor: ST2000DM001-1CH164 HP33 Size: 1907729MB BusType: 11
08:52:00.844 Disk 0 MBR read successfully
08:52:00.846 Disk 0 MBR scan
08:52:00.848 Disk 0 unknown MBR code
08:52:00.898 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
08:52:01.736 Disk 0 scanning C:\windows\system32\drivers
08:52:34.648 Service scanning
08:53:05.494 Modules scanning
08:53:05.498 Disk 0 trace - called modules:
08:53:05.882 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
08:53:05.886 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800bd5c060]
08:53:05.889 3 CLASSPNP.SYS[fffff88000af4e0a] -> nt!IofCallDriver -> [0xfffffa800979ab20]
08:53:05.892 5 ACPI.sys[fffff88000edfa91] -> nt!IofCallDriver -> [0xfffffa800975bbf0]
08:53:05.896 7 ACPI.sys[fffff88000edfa91] -> nt!IofCallDriver -> \Device\00000036[0xfffffa800ac547f0]
08:53:09.449 AVAST engine scan C:\windows
08:53:15.490 AVAST engine scan C:\windows\system32
08:55:18.240 AVAST engine scan C:\windows\system32\drivers
08:55:41.196 AVAST engine scan C:\Users\l
09:07:13.347 Disk 0 MBR has been saved successfully to "C:\Users\l\Desktop\MBR.dat"
09:07:13.350 The log file has been saved successfully to "C:\Users\l\Desktop\aswMBR.txt"
09:11:04.542 AVAST engine scan C:\ProgramData
09:12:32.707 Scan finished successfully
09:16:07.837 Disk 0 MBR has been saved successfully to "C:\Users\l\Desktop\MBR.dat"
09:16:07.842 The log file has been saved successfully to "C:\Users\l\Desktop\aswMBR1.txt"

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014
Ran by l at 2014-12-21 09:16:57
Running from C:\Users\l\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3724 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
e-Sword (HKLM-x32\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.2989 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.54744 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{307AA214-8490-9119-DA81-C8E875AD1C94}) (Version: 11.0.737.5 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.21.0 - Mediatek)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.7.5 - Tweaking.com)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\FileSyncApi64.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
==================== Restore Points =========================
07-12-2014 03:00:33 Scheduled Checkpoint
10-12-2014 06:44:18 Windows Update
11-12-2014 13:19:38 Installed e-Sword.
16-12-2014 21:38:23 Windows Update
20-12-2014 12:40:31 Tweaking.com - Windows Repair
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-25 23:26 - 2014-07-04 13:17 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {198487C3-FB56-4E08-8917-5DD5007C8D4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4EE02507-526F-4BBE-B0F0-1A156EB6930E} - System32\Tasks\HPCeeScheduleForl => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {5285A5FC-9C0B-4B05-80AA-C7B537CDDB26} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {5C76E07C-9D98-4A75-AA13-B59369744392} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {6A652256-3B94-4C31-BFBB-F3CB5808B5B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {709DE5DF-4DA8-4924-BDF8-7A577CC96517} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {7232C45B-0F67-4FC3-B0AC-ED65D5414393} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
Task: {784C093C-5ABC-43A6-B057-D2206F601A9E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)
Task: {93F90927-ED8B-437F-81BA-5C40E6C2E4E4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {99F30CCB-5A7E-4740-99C3-45A2FC1E5C6D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {9A9DBE97-D3F9-4BE4-A9B9-C849CFBE0BBD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {A981E902-DD74-4A81-8E7D-2A8244462A56} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-22] (AVAST Software)
Task: {B73F3F76-7573-4E29-AFD4-02A1E933052E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C89B9738-FCE7-4177-B52B-75B4DCA93FDC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
Task: {C98B8279-63B0-44F8-87D2-2793810CD57F} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {CDDD90BD-9075-4B36-A9CB-74B048D77D8D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PURPLE-l purple => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation)
Task: {D1329C4C-E6B3-4C12-86AB-E55904951995} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D723125F-04B8-4C05-9E96-80DD19849605} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForl.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2014-05-04 15:15 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-11-19 13:56 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-01-10 12:25 - 2013-01-10 12:25 - 00364544 _____ () C:\windows\system32\BsExtendFunc.dll
2013-01-10 14:30 - 2013-01-10 14:30 - 00022528 _____ () C:\windows\system32\BsTrace.dll
2013-01-10 14:35 - 2013-01-10 14:35 - 00009728 _____ () C:\windows\system32\BsHelpCSps.dll
2013-01-10 14:35 - 2013-01-10 14:35 - 00055296 _____ () C:\windows\system32\BlueSoleilCSps.dll
2014-12-21 02:38 - 2014-12-21 02:38 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122100\algo.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-10 14:30 - 2013-01-10 14:30 - 00022528 _____ () C:\windows\SYSTEM32\BsTrace.dll
2013-03-22 11:06 - 2013-03-22 11:06 - 00387936 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2011-07-05 11:53 - 2011-07-05 11:53 - 00012800 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2013-01-10 14:35 - 2013-01-10 14:35 - 00009728 _____ () C:\windows\SYSTEM32\BsHelpCSps.dll
2013-01-10 14:35 - 2013-01-10 14:35 - 00055296 _____ () C:\windows\SYSTEM32\BlueSoleilCSps.dll
2013-07-17 11:33 - 2012-06-07 21:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-22 19:44 - 2014-11-22 19:44 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-07-17 11:27 - 2013-01-23 17:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-12-21 08:27 - 2014-12-21 08:27 - 00718152 _____ () C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\36.0.1985.143\libglesv2.dll
2014-12-21 08:27 - 2014-12-21 08:27 - 00126280 _____ () C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\36.0.1985.143\libegl.dll
2014-12-21 08:27 - 2014-12-21 08:27 - 08537928 _____ () C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\36.0.1985.143\pdf.dll
2014-12-21 08:27 - 2014-12-21 08:27 - 00353096 _____ () C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-12-21 08:27 - 2014-12-21 08:27 - 01732936 _____ () C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\36.0.1985.143\ffmpegsumo.dll
2014-12-21 08:27 - 2014-12-21 08:27 - 14669128 _____ () C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\36.0.1985.143\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2497467096-1107912187-4260812050-500 - Administrator - Disabled)
Guest (S-1-5-21-2497467096-1107912187-4260812050-501 - Limited - Disabled)
l (S-1-5-21-2497467096-1107912187-4260812050-1001 - Administrator - Enabled) => C:\Users\l
==================== Faulty Device Manager Devices =============
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/21/2014 09:06:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pucvpreksj.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: wuvqcpkenbe.dll, version: 55.45.103.0, time stamp: 0x5496bdfb
Exception code: 0xc0000005
Fault offset: 0x000140fb
Faulting process id: 0xfc0
Faulting application start time: 0xpucvpreksj.exe0
Faulting application path: pucvpreksj.exe1
Faulting module path: pucvpreksj.exe2
Report Id: pucvpreksj.exe3
Faulting package full name: pucvpreksj.exe4
Faulting package-relative application ID: pucvpreksj.exe5
Error: (12/21/2014 08:24:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x546ebbc7
Faulting module name: AcLayers.DLL, version: 6.2.9200.16420, time stamp: 0x505aa251
Exception code: 0xc0000374
Fault offset: 0x0000000000006ad9
Faulting process id: 0x3804
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (12/21/2014 07:06:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time stamp: 0x546ebc2a
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000374
Fault offset: 0x000daa14
Faulting process id: 0x1b7c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
Error: (12/21/2014 03:03:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Error: (12/21/2014 03:03:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (12/21/2014 03:01:24 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Error: (12/21/2014 03:01:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (12/21/2014 03:00:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: msvcrt.dll, version: 7.0.9200.16384, time stamp: 0x5010ac20
Exception code: 0xc0000005
Fault offset: 0x0000000000025a1e
Faulting process id: 0x1dd4
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3
Faulting package full name: rundll32.exe_aepdu.dll4
Faulting package-relative application ID: rundll32.exe_aepdu.dll5
Error: (12/21/2014 00:09:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: msvcrt.dll, version: 7.0.9200.16384, time stamp: 0x5010ac20
Exception code: 0xc0000005
Fault offset: 0x0000000000025a1e
Faulting process id: 0x1c98
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3
Faulting package full name: rundll32.exe_aepdu.dll4
Faulting package-relative application ID: rundll32.exe_aepdu.dll5
Error: (12/20/2014 04:56:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time stamp: 0x546ebc2a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0d719f48
Faulting process id: 0x1bac
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
System errors:
=============
Error: (12/21/2014 08:49:19 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
Error: (12/21/2014 08:49:38 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000109 (0xa3a039d8a6db34e9, 0xb3b7465ef95ae2c5, 0xfffff8800099b700, 0x0000000000000002)C:\windows\Minidump\122114-25453-01.dmp122114-25453-01
Error: (12/21/2014 08:49:37 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:35:00 AM on 12/21/2014 was unexpected.
Error: (12/20/2014 00:34:51 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
Error: (12/20/2014 00:09:22 PM) (Source: DCOM) (EventID: 10010) (User: PURPLE)
Description: Microsoft.WindowsLive.ModernPhotos.AppXsjk229593yvkhw8w13eans3t0eh9strp.wwa
Error: (12/20/2014 00:08:34 PM) (Source: DCOM) (EventID: 10010) (User: PURPLE)
Description: Microsoft.ZuneVideo.AppX0691txe4bqr477kft85hfv93agd4v0e0.wwa
Error: (12/20/2014 10:19:10 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
Error: (12/17/2014 09:04:23 PM) (Source: DCOM) (EventID: 10016) (User: PURPLE)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}purplelS-1-5-21-2497467096-1107912187-4260812050-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (12/12/2014 07:32:02 PM) (Source: DCOM) (EventID: 10016) (User: PURPLE)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}purplelS-1-5-21-2497467096-1107912187-4260812050-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (12/12/2014 07:23:03 PM) (Source: DCOM) (EventID: 10016) (User: PURPLE)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}purplelS-1-5-21-2497467096-1107912187-4260812050-1001LocalHost (Using LRPC)UnavailableUnavailable
Microsoft Office Sessions:
=========================
Error: (12/21/2014 09:06:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: pucvpreksj.exe36.0.1985.14353e2e515wuvqcpkenbe.dll55.45.103.05496bdfbc0000005000140fbfc001d01d2f6b73e0f3C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exeC:\Users\l\AppData\Local\6890C281-DA80-4394-B151-8612AAAF8F73.aplzod\wuvqcpkenbe.dllfc747dc5-8922-11e4-bebd-0c84dc3bd976
Error: (12/21/2014 08:24:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.17183546ebbc7AcLayers.DLL6.2.9200.16420505aa251c00003740000000000006ad9380401d01d286286966bC:\Program Files\Internet Explorer\iexplore.exeC:\windows\AppPatch\AppPatch64\AcLayers.DLL0c209dfa-891d-11e4-bebc-0c84dc3bd976
Error: (12/21/2014 07:06:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.17183546ebc2antdll.dll6.2.9200.1704653b485c4c0000374000daa141b7c01d01d1db81197f8C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dll1ec8ec72-8912-11e4-bebc-0c84dc3bd976
Error: (12/21/2014 03:03:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe
Error: (12/21/2014 03:03:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (12/21/2014 03:01:24 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe
Error: (12/21/2014 03:01:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (12/21/2014 03:00:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_aepdu.dll6.2.9200.1638450109cddmsvcrt.dll7.0.9200.163845010ac20c00000050000000000025a1e1dd401d01cfc8063ef11C:\windows\system32\rundll32.exeC:\windows\system32\msvcrt.dllcc9cc32f-88ef-11e4-bebc-0c84dc3bd976
Error: (12/21/2014 00:09:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_aepdu.dll6.2.9200.1638450109cddmsvcrt.dll7.0.9200.163845010ac20c00000050000000000025a1e1c9801d01ce46d0ee5d7C:\windows\system32\rundll32.exeC:\windows\system32\msvcrt.dlle6615f09-88d7-11e4-bebc-0c84dc3bd976
Error: (12/20/2014 04:56:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.17183546ebc2aunknown0.0.0.000000000c00000050d719f481bac01d01ca7538ede1aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown62bf1334-889b-11e4-bebc-0c84dc3bd976
CodeIntegrity Errors:
===================================
Date: 2014-07-02 16:03:45.621
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-07-02 16:03:45.590
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-05-17 08:12:37.871
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-05-17 08:12:37.840
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-04-30 16:32:03.045
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core i5-4430 CPU @ 3.00GHz
Percentage of memory in use: 26%
Total physical RAM: 12207.45 MB
Available physical RAM: 9030.9 MB
Total Pagefile: 12607.45 MB
Available Pagefile: 9278.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:1843.23 GB) (Free:1791.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:17.87 GB) (Free:2.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 35E80B5E)
Partition: GPT Partition Type.
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by l (administrator) on PURPLE on 21-12-2014 09:16:28
Running from C:\Users\l\Desktop
Loaded Profile: l (Available profiles: l)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\windows\System32\printfilterpipelinesvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\windows\System32\hkcmd.exe
(Intel Corporation) C:\windows\System32\igfxpers.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Microsoft Corporation) C:\windows\System32\regsvr32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\windows\SysWOW64\regsvr32.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Eula.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-12] (IDT, Inc.)
HKLM-x32\...\Run: [BtTray] => c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-11] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-20] (SUPERAntiSpyware)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [wuvqcpkenbe] => regsvr32.exe /s "C:\Users\l\AppData\Local\6890C281-DA80-4394-B151-8612AAAF8F73.aplzod\wuvqcpkenbe.dll" <===== ATTENTION
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\RunOnce: [Adobe Speed Launcher] => 1419173470
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKLM-x32 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\windows\SysWow64\skype4com.dll (Skype Technologies)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\windows\SysWow64\urlmon.dll (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Tcpip\..\Interfaces\{63F6AE22-B6DD-4476-A864-3652DE675725}: [NameServer] 208.67.220.220,208.67.222.222
Tcpip\..\Interfaces\{D9443B57-4010-4CB8-8171-44BCB8CF3513}: [NameServer] 208.67.220.220,208.67.222.222
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-04]
Chrome:
=======
CHR HomePage: Default -> https://www.yahoo.co...t&type=avastbcl
CHR StartupUrls: Default -> "https://www.yahoo.co...t&type=avastbcl"
CHR DefaultSearchKeyword: Default -> www.yahoo.com
CHR DefaultSearchURL: Default -> https://search.yahoo...&p={searchTerms}
CHR DefaultSuggestURL: Default -> http://ff.search.yah...nd={searchTerms}
CHR Profile: C:\Users\l\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-04]
CHR Extension: (Google Drive) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (YouTube) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
CHR Extension: (Google Search) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]
CHR Extension: (Avast SafePrice) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-09-17]
CHR Extension: (Google Wallet) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
CHR Extension: (Gmail) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - No Path
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-26] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-22] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-10-11] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]
U3 aswMBR; \??\C:\Users\l\AppData\Local\Temp\aswMBR.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-21 09:16 - 2014-12-21 09:16 - 00022709 _____ () C:\Users\l\Desktop\FRST.txt
2014-12-21 09:16 - 2014-12-21 09:16 - 00002169 _____ () C:\Users\l\Desktop\aswMBR1.txt
2014-12-21 09:16 - 2014-12-21 09:16 - 00000512 _____ () C:\Users\l\Desktop\MBR.dat
2014-12-21 08:56 - 2014-12-21 08:56 - 00000000 ____D () C:\Users\l\Documents\e-Sword
2014-12-21 08:49 - 2014-12-21 08:49 - 00000000 ____D () C:\windows\Minidump
2014-12-20 12:26 - 2014-12-21 09:04 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-20 12:26 - 2014-12-20 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-20 12:26 - 2014-12-20 12:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-20 12:26 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-20 12:26 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-20 12:13 - 2014-12-20 12:26 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-20 12:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-20 12:11 - 2014-12-20 12:13 - 00002130 _____ () C:\Users\l\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-12-20 12:10 - 2014-12-20 12:10 - 00000000 ____D () C:\Users\l\Desktop\FRST-OlderVersion
2014-12-20 12:01 - 2014-12-20 12:03 - 00024064 ___SH () C:\Users\l\Documents\Thumbs.db
2014-12-16 21:02 - 2014-12-09 01:12 - 00590816 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2014-12-16 21:02 - 2014-12-09 01:12 - 00467408 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-12-16 20:26 - 2014-12-16 20:26 - 00000198 _____ () C:\Users\l\Desktop\Arthritis of the Shoulder-OrthoInfo - AAOS.url
2014-12-14 18:12 - 2014-12-16 20:16 - 00000635 _____ () C:\Users\l\Desktop\calculator online -.website
2014-12-14 17:24 - 2014-12-14 22:07 - 00026624 _____ () C:\Users\l\Desktop\mileage.xls
2014-12-11 13:22 - 2014-09-20 15:30 - 02412784 _____ () C:\Users\l\Documents\Cooking and Eating for One Person.pptx
2014-12-11 13:19 - 2014-12-12 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Sword
2014-12-11 13:19 - 2014-12-11 13:19 - 00001912 _____ () C:\Users\Public\Desktop\e-Sword.lnk
2014-12-11 13:19 - 2014-12-11 13:19 - 00000000 ____D () C:\Users\l\AppData\Local\Downloaded Installations
2014-12-11 13:19 - 2014-12-11 13:19 - 00000000 ____D () C:\Program Files (x86)\e-Sword
2014-12-11 06:55 - 2014-12-12 00:32 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-10 06:47 - 2014-10-08 22:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
2014-12-10 06:47 - 2014-10-08 22:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2014-12-10 06:47 - 2014-10-08 22:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
2014-12-10 06:47 - 2014-10-08 21:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
2014-12-10 06:47 - 2014-10-08 21:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
2014-12-10 03:24 - 2014-12-04 19:41 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-10 03:24 - 2014-12-04 19:41 - 00740864 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-10 03:24 - 2014-12-04 19:41 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-10 03:24 - 2014-12-04 19:40 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-10 03:24 - 2014-12-02 19:48 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-10 03:24 - 2014-12-02 19:48 - 00412672 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-10 03:24 - 2014-12-02 19:48 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-10 03:24 - 2014-11-21 02:38 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 03:24 - 2014-11-21 02:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 03:24 - 2014-11-21 02:37 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 03:24 - 2014-11-21 02:37 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-12-10 03:24 - 2014-11-21 02:37 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 19283456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 15400960 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 03:24 - 2014-11-21 02:35 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 03:24 - 2014-11-21 01:17 - 14364672 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 03:24 - 2014-11-21 01:17 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 03:24 - 2014-11-21 01:17 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 03:24 - 2014-11-21 01:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 03:24 - 2014-11-21 01:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 03:24 - 2014-11-21 01:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 13758976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 03:24 - 2014-11-21 01:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 03:24 - 2014-11-21 01:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 03:24 - 2014-11-21 00:54 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 03:24 - 2014-11-20 22:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-12-10 03:24 - 2014-11-06 00:50 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 03:24 - 2014-11-05 23:03 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 03:24 - 2014-10-11 01:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-10 03:24 - 2014-10-10 23:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-10 03:24 - 2014-10-08 21:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2014-12-10 03:24 - 2014-10-08 21:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2014-12-10 03:24 - 2014-10-08 21:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2014-12-10 03:24 - 2014-09-21 23:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-12-10 03:24 - 2014-09-21 21:56 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-12-10 03:23 - 2014-10-30 01:20 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-12-10 03:23 - 2014-10-29 23:22 - 01569792 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-12-07 17:12 - 2014-12-14 17:05 - 00000000 ____D () C:\Users\l\Desktop\stuff
2014-12-06 10:06 - 2014-12-06 10:06 - 08539604 _____ () C:\Users\l\Documents\Nutrition Focused Physical Exam-FINAL.pptx
2014-12-06 10:05 - 2014-12-06 10:05 - 01685515 _____ () C:\Users\l\Documents\Health Care System and Malnutrition.pptx
2014-12-02 19:32 - 2014-12-21 08:51 - 00000000 ___RD () C:\Users\l\iCloudDrive
2014-12-02 19:32 - 2014-12-21 08:23 - 00000000 ____D () C:\Users\l\AppData\Local\6890C281-DA80-4394-B151-8612AAAF8F73.aplzod
2014-12-02 19:32 - 2014-12-02 19:32 - 00000000 ____D () C:\Users\l\Documents\Outlook Files
2014-12-02 19:32 - 2014-12-02 19:32 - 00000000 ____D () C:\Users\l\AppData\Local\Apple Inc
2014-11-25 08:41 - 2014-11-25 08:41 - 00000188 _____ () C:\Users\l\Desktop\Bourbon Dork.url
2014-11-23 19:25 - 2014-12-12 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-23 19:23 - 2014-12-12 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-23 19:23 - 2014-11-23 19:23 - 00001812 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-23 19:23 - 2014-11-23 19:23 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-23 19:19 - 2014-11-23 19:19 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-11-23 18:13 - 2014-12-17 16:32 - 00000000 ____D () C:\Users\l\AppData\Roaming\Apple Computer
2014-11-23 18:13 - 2014-12-12 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-23 18:13 - 2014-12-02 19:31 - 00000000 ____D () C:\Users\l\AppData\Local\Apple Computer
2014-11-23 18:13 - 2014-11-23 18:13 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-23 18:13 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys
2014-11-23 18:12 - 2014-11-23 19:25 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-23 18:12 - 2014-11-23 18:13 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-23 18:12 - 2014-11-23 18:13 - 00000000 ____D () C:\Program Files\iTunes
2014-11-23 18:12 - 2014-11-23 18:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-23 18:12 - 2014-11-23 18:12 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-11-23 18:12 - 2014-11-23 18:12 - 00000000 ____D () C:\windows\System32\Tasks\Apple
2014-11-23 18:12 - 2014-11-23 18:12 - 00000000 ____D () C:\Users\l\AppData\Local\Apple
2014-11-23 18:12 - 2014-11-23 18:12 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-11-23 18:12 - 2014-11-23 18:12 - 00000000 ____D () C:\Program Files\iPod
2014-11-23 18:12 - 2014-11-23 18:12 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-11-22 19:44 - 2014-12-12 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-22 19:44 - 2014-11-22 19:44 - 00449936 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2014-11-22 19:44 - 2014-11-22 19:44 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-11-22 19:44 - 2014-11-22 19:44 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-11-22 19:44 - 2014-11-22 19:44 - 00001997 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-21 09:16 - 2014-06-30 07:22 - 00000000 ____D () C:\FRST
2014-12-21 09:14 - 2014-11-12 22:15 - 00004948 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PURPLE-l purple
2014-12-21 09:06 - 2014-05-22 07:01 - 00000000 ____D () C:\Users\l\AppData\Local\CrashDumps
2014-12-21 09:00 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\sru
2014-12-21 08:55 - 2014-04-19 09:23 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2497467096-1107912187-4260812050-1001
2014-12-21 08:54 - 2012-07-26 01:28 - 00876558 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-21 08:53 - 2013-03-22 11:00 - 00000983 _____ () C:\windows\SysWOW64\bscs.ini
2014-12-21 08:51 - 2014-07-03 14:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-21 08:50 - 2014-04-27 08:23 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 08:50 - 2013-07-17 11:49 - 00003619 _____ () C:\windows\SysWOW64\LOCALSERVICE.INI
2014-12-21 08:50 - 2013-07-17 11:49 - 00000088 _____ () C:\windows\SysWOW64\LOCALDEVICE.INI
2014-12-21 08:49 - 2014-04-19 10:47 - 00124196 ____N () C:\windows\Minidump\122114-25453-01.dmp
2014-12-21 08:49 - 2012-08-10 17:49 - 00403380 _____ () C:\windows\PFRO.log
2014-12-21 08:49 - 2012-07-26 01:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-21 08:32 - 2014-04-27 08:23 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-20 23:52 - 2014-04-19 09:14 - 01731943 _____ () C:\windows\WindowsUpdate.log
2014-12-20 12:34 - 2012-07-25 23:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-12-20 12:26 - 2014-05-26 16:39 - 00000000 ____D () C:\Users\l\AppData\Roaming\Malwarebytes
2014-12-20 12:26 - 2014-05-26 16:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-12-20 12:10 - 2014-07-11 18:42 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-12-20 12:10 - 2014-06-30 07:21 - 02122240 _____ (Farbar) C:\Users\l\Desktop\FRST64.exe
2014-12-20 10:19 - 2014-07-28 08:16 - 00000330 _____ () C:\windows\Tasks\HPCeeScheduleForl.job
2014-12-19 14:40 - 2014-07-28 08:16 - 00003136 _____ () C:\windows\System32\Tasks\HPCeeScheduleForl
2014-12-19 14:40 - 2014-04-19 09:13 - 00000000 ____D () C:\Users\l
2014-12-16 21:38 - 2012-07-26 01:59 - 00000000 ____D () C:\windows\CbsTemp
2014-12-14 17:13 - 2012-07-26 01:21 - 00818283 _____ () C:\windows\setupact.log
2014-12-14 14:17 - 2014-04-30 15:26 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-12-14 14:16 - 2014-04-30 15:21 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-12 22:11 - 2012-08-10 18:49 - 00000000 ____D () C:\windows\Panther
2014-12-12 19:32 - 2014-04-19 09:14 - 00000000 ____D () C:\Users\l\AppData\Local\Packages
2014-12-12 11:32 - 2014-04-30 15:40 - 00002150 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 07:00 - 2014-09-24 09:57 - 00000000 ___HD () C:\$Windows.~BT
2014-12-12 00:32 - 2014-10-28 15:16 - 00000000 ____D () C:\windows\system32\AutoUpdateLicense
2014-12-12 00:32 - 2014-07-12 10:26 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-12 00:32 - 2014-07-06 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 00:32 - 2014-07-03 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-12-12 00:32 - 2014-04-30 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-12 00:32 - 2014-04-20 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-12 00:32 - 2014-04-19 09:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2014-12-12 00:32 - 2014-04-19 09:13 - 00000000 ___RD () C:\Users\l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-12 00:32 - 2014-04-19 09:13 - 00000000 ___RD () C:\Users\l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-12 00:32 - 2013-07-17 11:45 - 00000000 ____D () C:\windows\en
2014-12-12 00:32 - 2013-07-17 11:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-12-12 00:32 - 2013-07-17 11:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-12-12 00:32 - 2013-07-17 11:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-12 00:32 - 2013-07-17 11:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-12-12 00:32 - 2013-07-17 11:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-12-12 00:32 - 2013-07-17 11:27 - 00000000 ____D () C:\Program Files\Intel
2014-12-12 00:32 - 2013-07-17 11:22 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-12-12 00:32 - 2012-08-10 17:52 - 00000000 ____D () C:\ProgramData\PRICache
2014-12-12 00:32 - 2012-07-26 02:18 - 00000000 ____D () C:\windows\DigitalLocker
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ___SD () C:\Program Files\Windows Sidebar
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ___SD () C:\Program Files (x86)\Windows Sidebar
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\SysWOW64\MUI
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\spool
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\Recovery
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\NDF
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\MUI
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\Help
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\AppCompat
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\SysWOW64\WCN
2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\SysWOW64\sysprep
2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\system32\WCN
2014-12-12 00:32 - 2012-07-25 23:38 - 00000000 ____D () C:\windows\SysWOW64\SMI
2014-12-12 00:15 - 2014-09-10 19:10 - 00000000 __SHD () C:\Recovery
2014-12-11 22:30 - 2012-07-25 23:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-12-11 22:02 - 2012-07-26 02:13 - 00006020 _____ () C:\windows\DtcInstall.log
2014-12-11 21:45 - 2014-09-03 09:46 - 00041913 _____ () C:\windows\diagwrn.xml
2014-12-11 21:45 - 2014-09-03 09:46 - 00041913 _____ () C:\windows\diagerr.xml
2014-12-11 21:44 - 2012-08-10 17:56 - 00013398 _____ () C:\windows\iis.log
2014-12-11 21:43 - 2014-09-03 09:49 - 00003145 _____ () C:\windows\comsetup.log
2014-12-11 21:43 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\registration
2014-12-11 15:45 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-12-11 14:59 - 2014-10-16 16:24 - 00437360 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-11 07:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\rescache
2014-12-11 07:03 - 2014-06-10 07:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 06:55 - 2012-07-26 02:12 - 00000000 ___RD () C:\windows\ToastData
2014-12-10 06:49 - 2014-04-20 17:10 - 00000000 ____D () C:\windows\system32\MRT
2014-12-10 06:47 - 2014-04-20 17:10 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-02 19:32 - 2014-04-27 08:41 - 00288256 ___SH () C:\Users\l\Desktop\Thumbs.db
2014-11-29 17:05 - 2014-11-04 12:01 - 00000000 ____D () C:\Users\l\AppData\Local\Windows Live
2014-11-26 15:11 - 2014-10-16 11:19 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 15:11 - 2014-10-16 11:19 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-23 18:12 - 2013-07-17 11:32 - 00000000 ____D () C:\ProgramData\Apple
2014-11-22 19:44 - 2014-05-04 15:20 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-11-22 19:44 - 2014-05-04 15:19 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-11-22 19:44 - 2014-05-04 15:19 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-11-22 19:44 - 2014-05-04 15:19 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-11-22 19:44 - 2014-05-04 15:19 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-11-22 19:44 - 2014-05-04 15:19 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-11-22 19:44 - 2014-05-04 15:19 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-11-22 19:44 - 2014-05-04 15:19 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-11-22 19:44 - 2014-05-04 15:19 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-11-22 19:44 - 2014-05-04 15:19 - 00028184 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
Some content of TEMP:
====================
C:\Users\l\AppData\Local\temp\bmlhhkx.dll
C:\Users\l\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmueimr.dll
C:\Users\l\AppData\Local\temp\HPConnectedMusicInstaller_100100128.exe
C:\Users\l\AppData\Local\temp\mbam-setup.exe
C:\Users\l\AppData\Local\temp\Quarantine.exe
C:\Users\l\AppData\Local\temp\SAS6_Update.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-20 03:00
==================== End Of Log ============================